Running c-lightning on OpenBSD ⚡️🐡
Power your Lightning node with OpenBSD to reduce its attack surface
The Lightning Network has grown tremendously since it reached the Bitcoin mainnet back in early 2018. The network is slowly reaching maturity with all implementations now in beta and new features being added steadily — like multi-path payments, keysend, large Wumbo channels, and new privacy improvements.
Exciting new features like Wumbo channels and Multi-Part Payments (MPP) coming to the Lightning Network also means we have a bigger need to fortify the systems our nodes are running on. Large amounts of BTC in a hot wallet is a sure bet for attracting unwanted attention. So it’s best to be proactive and research ways to reduce the attack surface of the systems that your BTC sits on.
Since nodes are securing more and more BTC, it may be a good time to consider minimizing the amount of extra running code on your node’s operating system. A famously minimalist operating system is OpenBSD.
OpenBSD is an operating system (like Windows or Linux) focused on minimizing security faults in its code. Commonly used to power firewalls and routers as a first line of defense, it’s also suitable for servers and can even be used as a workstation OS. It runs on all of the popular CPU architectures like x86 and ARM (for those running nodes on Raspberry Pis) as well.
A Lightning node has to be exposed to the internet in order to accept incoming channel requests, so OpenBSD could be a good fit. In this post, I put together a quick guide for compiling
c-lighting on OpenBSD. Both Bitcoin Core and c-lightning run on OpenBSD with no modifications, so the process is simple!
Build and install
Make sure you’ve installed
c-lightning requires it. Bitcoin Core ships instructions for building and installing bitcoind on OpenBSD.
From there, the process for compiling and installing c-lightning is relatively straightforward. Open the terminal, and enter the following commands one-by-one.
pkg_add git python gmake py3-pip libtool gmp
git clone https://github.com/elementsproject/lightning
cd lightning && git checkout v0.9.3
pkg_add automake # pick the highest version e.g. 1.16.2
pkg_add autoconf # pick the highest version e.g. 2.69p2
pip3.7 install --user mako
pip3.7 install --user mrkd
export PATH=$PATH=/home/<your username>/.local/bin
gmake install # as root
Once you’ve built and installed c-lightning, it’s just a matter of starting up Bitcoin Core and syncing the Bitcoin blockchain. Then, just as you would on a Linux distro, you can fire up
lightningd to start opening Lightning channels!